<?php
	require 'config.php';
	require 'function.php';
	require 'logger.php';
	
	session_start();		
	
	$authentication = new Authentication();
	$authentication->checkLogin();
	
	class Authentication
	{
		
		function __construct()
		{
						
		}
		
		public function checkLogin()
		{
			if($this->checkValidSession() == TRUE)
			{
				header(sprintf("Location: %s", "../index.php"));
			} else
			{
				if($this->checkvalidUser() == FALSE)
				{
					header(sprintf("Location: %s", "../login.php?validationresult=FALSE"));
				} else
				{
					header(sprintf("Location: %s", "../index.php"));
				}			
			}	
		}
		
		public function checkValidSession()
		{
			if(isset($_SESSION['logged_in']))
			{
				if($_SESSION['logged_in'] == TRUE)	
				{
					return TRUE;
				} else
				{
					return FALSE;
				}
			} else
			{
				return FALSE;
			}
		}
		
		public function checkValidUser()
		{
			
			if((isset($_POST['password'])) && (isset($_POST['username'])))
			{
				$username = $_POST['username'];
				$password = $_POST['password'];
			} else
			{
				return FALSE;
			}
			$user = santize($username);
			$pass = santize($password);
			$registered = TRUE;
			
			//validate username
			if(!($fetch = mysql_fetch_array(mysql_query("SELECT username FROM users WHERE username='$user'"))))
			{
				$registered = FALSE;
			}
			
			
			//validate password
			if($registered == TRUE)
			{
				$result = mysql_query("SELECT password FROM users WHERE username='$user'");
				$row = mysql_fetch_array($result);				
				$correctpassword = $row['password'];
				$salt = substr($correctpassword, 0, 64);
				$correcthash = substr($correctpassword, 64, 64);
				$userhash = hash("sha256", $salt . $pass);			
			}
			
			if($userhash != $correcthash || $result == FALSE)
			{	
				echo $userhash . "\n";
				echo $correcthash;
				exit();
				return FALSE;	
			}

			$random = genRandomString();
			$salt_ip = substr($random, 0, 15);
			$iptocheck = $_SERVER["REMOTE_ADDR"];
			
			$useragent = $_SERVER["HTTP_USER_AGENT"];
			$hash_user = sha1($salt_ip . $iptocheck .$useragent);
			
			$signature = $salt_ip . $hash_user;
			
			session_regenerate_id();
			
			$_SESSION['signature'] = $signature;
			$_SESSION['logged_in'] = TRUE;
			$_SESSION['LAST_ACTIVITY'] = time();			

			return TRUE;			
		}			
	}
/*
	session_start();

	require 'config.php';
	require 'logger.php';
	require 'function.php';
		
	$logined = TRUE;	
		
	$log = new Logger();

	if((isset($_SESSION['logged_in'])))
	{
		if(($_SESSION['logged_in']) == TRUE)
		{
			//valid user has logged-in to the website
			//check for unauthorized use of user sessions						
		} else
		{				
			header(sprintf("Location: %s", "login.php"));
		}
	} else
	{			
		//pre-define validation
		$validationresult = TRUE;
		$registered = TRUE;
		$recapchavalidation = TRUE;
		
		//check if user has logged in			
		//check if the form is submitted		
		if((isset($_POST['password'])) && (isset($_POST['username'])))
		{
			$user = santize($_POST["password"]);
			$pass = santize($_POST["username"]);
						
			//validate username
			if(!($fetch = mysql_fetch_array(mysql_query("SELECT username FROM users WHERE username='$user'"))))
			{
				$registered = FALSE;
			}

			//validate password
			if($registered == TRUE)
			{
				$result = mysql_query("SELECT password FROM users WHERE username='$user'");
				$row = mysql_fetch_array($result);
				$correctpassword = $row['password'];
				$salt = substr($correctpassword, 0, 64);
				$correcthash = substr($correctpassword, 64, 64);
				$userhash = hash("sha256", $salt . $pass);				
			}
			
			
			if((!($userhash == $correcthash)) || ($registered == FALSE))
			{
				//user login fails
				$validationresult = FALSE;
				header(sprintf("Location: %s", "../login.php?validationresult=FALSE"));
				//log login failed attempts to database
			} else 
			{			
																					
				$random = genRandomString();
				$salt_ip = substr($random, 0, $length_salt);
				$iptocheck = $_SERVER["REMOTE_ADDR"];
				
				$useragent = $_SERVER["HTTP_USER_AGENT"];
				$hash_user = sha1($salt_ip . $iptocheck .$useragent);
				
				$signature = $salt_ip . $hash_user;
				
				session_regenerate_id();
				
				$_SESSION['signature'] = $signature;
				$_SESSION['logged_in'] = TRUE;
				$_SESSION['LAST_ACTIVITY'] = time();
												
				header(sprintf("Location: %s", "index.php"));
			}			
		} else
		{													
			header(sprintf("Location: %s", "login.php"));
		}		
	}*/	
?>